The Ultimate Guide to Social Engineering

[Nytro]

The Ultimate

Guide to Social

Engineering

From CSO Magazine and CSOonline.com

Contents

I. Definition

What is social engineering?

What social engineers want

How social engineers work

II. Basic Tactics

Why people fall for social

engineering and other scams

III. Prevention

IV. Social Engineers

in Action

“Pickup lines” commonly used

Lots of true stories and examples

I. Definition
What is Social Engineering?
Social engineering is the art of gaining access to buildings,
systems or data by exploiting human psychology, rather
than by breaking in or using technical hacking techniques.
For example, instead of trying to find a software vulnerability,
a social engineer might call an employee and pose as an
IT support person, trying to trick the employee into divulging
his password. The goal is always to gain the trust of one
or more of your employees.
Famous hacker Kevin Mitnick helped popularize the
term “social engineering” in the ‘90s, but the simple idea
itself (tricking someone into doing something or divulging
sensitive information) has been around for ages.
What Social Engineers Want
The goal for many social engineers is to obtain personal
information that can either directly lead them to financial
or identity theft or prepare them for a more targeted
attack. They also look for ways to install malware that gives
them better access to personal data, computer systems or
accounts, themselves. In other cases, social engineers are
looking for information that leads to competitive advantage.
Items that scammers find valuable include the following:
NN Passwords
NNAccount numbers
NNKeys
NNAny personal information
NNAccess cards and identity badges
NN Phone lists
NNDetails of your computer system
NNThe name of someone with access privileges
NN Information about servers, networks, non-public URLs,
intranet

Download:

http://assets.csoonline.com/documents/cache/pdfs/Social-Engineering-Ultimate-Guide.pdf